1.1.10 Ensure that the admission control plugin AlwaysAdmit is not set

Information

Do not allow all requests.

Rationale:

Setting admission control plugin 'AlwaysAdmit' allows all requests and do not filter any requests.

Solution

Edit the API server pod specification file '/etc/kubernetes/manifests/kube-apiserver.yaml' on the master node and set the '--enable-admission-plugins' parameter to a value that does not include 'AlwaysAdmit'.

See Also

https://workbench.cisecurity.org/files/2421

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CSCv6|14

Plugin: Unix

Control ID: 10c1c139f2aca3daccaa89356f97f85e6367b3ce31b88337be460016b99b9edd